Threat

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet has acknowledged active exploitation targeting a FortiCloud SSO authentication bypass vulnerability, even on firewalls that have received the latest patches. The security vendor is currently working to implement a permanent fix. Fortinet’s Chief Information Security Officer, Carl Windsor, stated in a post on Thursday, “Over the past 24 hours, we have observed multiple incidents […]

Multi Stage Phishing Campaign Targets Russia Using Amnesia RAT and Ransomware

Cybersecurity researchers have identified a sophisticated multi-stage phishing campaign actively targeting users in Russia, delivering both ransomware and a remote access trojan known as Amnesia RAT. According to a technical analysis published by Fortinet FortiGuard Labs researcher Cara Lin, the attack chain begins with carefully crafted social engineering lures delivered through business-themed documents. These files

CISA Adds Actively Exploited VMware vCenter Vulnerability CVE-2024-37079 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation in real-world attacks. The flaw, tracked as CVE-2024-37079 and assigned a CVSS score of 9.8, impacts the implementation of the DCE/RPC protocol within VMware

CISA Updates KEV Catalog to Include Four Actively Exploited Software Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog by adding four software security flaws that are confirmed to be actively exploited in real-world attacks. CISA stated that these additions are based on verified evidence of exploitation, highlighting an increased risk to both public and private sector

Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has issued an alert regarding a sophisticated multi-stage adversary-in-the-middle (AitM) phishing campaign combined with business email compromise (BEC) activity, primarily targeting organizations operating in the energy sector. According to the Microsoft Defender Security Research Team, the attackers exploited SharePoint file-sharing services to distribute phishing content while creating inbox rules to remain persistent and avoid

Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access

Cybersecurity experts have revealed a sophisticated dual-phase phishing campaign that uses stolen login credentials to install legitimate Remote Monitoring and Management (RMM) software, giving attackers long-term control over compromised systems. According to researchers at KnowBe4 Threat Labs, Jeewan Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke, attackers are now bypassing traditional security defenses by leveraging trusted

New Osiris Ransomware Strain Uses POORTRY Driver in BYOVD Attacks

Cybersecurity researchers have uncovered a new ransomware strain called Osiris, which targeted a major food service franchise operator in Southeast Asia in November 2025. The attack demonstrates advanced techniques, including the use of a malicious driver named POORTRY in a bring your own vulnerable driver (BYOVD) attack to disable security software. Osiris: A Brand-New Ransomware Strain Osiris is a completely

Critical GNU InetUtils telnetd Vulnerability Allows Login Bypass and Root Access

A severe security vulnerability has been disclosed in the GNU InetUtils telnet daemon (telnetd) that has remained unnoticed for nearly 11 years. The flaw allows remote attackers to bypass authentication and gain root access on affected systems. Vulnerability Overview The flaw, tracked as CVE-2026-24061, carries a CVSS score of 9.8/10. It impacts all GNU InetUtils versions from 1.9.3 through

Malicious PyPI Package Masquerades as SymPy and Deploys XMRig Miner on Linux Hosts

A newly identified malicious package hosted on the Python Package Index (PyPI) has been caught impersonating the widely used SymPy library to deploy harmful payloads on Linux machines. The campaign highlights the growing risk of supply chain attacks targeting developers through trusted open source repositories. Fake Development Package Targets Python Users The malicious package, named sympy-dev,

SmarterMail Authentication Bypass Actively Exploited Just Two Days After Patch Release

A newly discovered security vulnerability in SmarterTools SmarterMail email software is being actively exploited in real-world attacks only two days after a fix was released. The rapid exploitation has raised concerns about patch awareness, disclosure practices, and the exposure of email infrastructure to credential takeover and remote code execution. Authentication Bypass Identified and Patched
